>
> "Theo de Raadt" [email protected] wrote:
>
> > Cord [email protected] wrote:
> >
> > > You are free to believe or not to believe, but you are not free to insult 
> > > me.
> > > Is that clear ?
> >
> > Or what.. you'll throw your tinfoil hat at them?
>
> Haven't you yet been diagnosed w/ ODD? :)
>
> Cord: you're prolly being overly paranoid, and your assertions are
> somewhat vague. Many people here have trouble dealing w/ that, me
> included. Thus: please excuse us if we cannot give you the answers
> you seek. What mecan say is that some of the problems you
> identified are a natural consequence of the unreliability of IP.
>

I understand you perfectly but there are some points I want to highlight:
1) the old times of web defacement or hackers who want to show the insecurity of 
software or websites are past.
Today the vast majority of the hacking world is submerged. No one wants to leave a 
trace or leave evidence.
Then there is a huge number of hacked sites and hacked desktops out there. Many 
people don't know that their PC or phone is not under their control anymore.
The new frontier of hacking is espionage. No one wants to be discovered.

2) Sometimes the old schemes to pull out evidence of hacking are not valid 
anymore.
For example if you are Edward Snowden all those little and subjective things 
that are not important for a common person become very important because the 
context is very different.
If you are an important entrepreneur and you see that the projects you're 
working on and that are on your PC now are exactly the same as those your 
competitor is producing, then you become very suspicious. If this happens many 
times you're absolutely sure that your projects have been exfiltrated from your 
PC. BUT THERE IS NO EVIDENCE. And for privacy reasons you don't want to explain 
yourself and you become vague. Of course those are just examples. Now, in my 
opinion, because you (not you, but those who reply to emails like mine) don't 
know who I am and you can't contextualize, the best choice you have is just to 
reply the best way you can. Without judgement. If you don't know, you don't reply.

3) Today security is a huge business, times have changed a lot. If someone finds a 
remote kernel bug in OpenBSD what does he do? Does he write a message to 
[email protected] or run away to sell it on the dark web for $50,000? If 
someone finds a remote bug in the Linux kernel, does he send an email to the 
full disclosure mailing list or sell it to any government espionage agency?
Times have changed, many bugs are still there, you don't know and many people 
have huge interests in not discovering them.
The same concept is valid also for new attack vectors, new exploitation techniques, 
new hiding technologies, new code manipulation and so on. Money and power mean 
do not disclose, keep it secret.


> No reason to be a jerk, though.
>

Without a doubt

> HTH,
>

